4188 matches found
Adobe Releases Security Updates for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player. These vulnerabilities could potentially allow an attacker to take control of an affected system or cause a denial-of-service condition. Adobe has released updates to the following products: Adobe Flash Player 11.6.602.180 and earlier...
Security Update Available for Adobe Shockwave Player
Adobe has released a security update for Adobe Shockwave Player 12.0.0.112 and earlier versions for Windows and Macintosh to address multiple vulnerabilities. These vulnerabilities could allow an attacker to execute arbitrary code on the affected system. US-CERT recommends that users and...
Adobe Releases Security Update for ColdFusion
Adobe has released a security hotfix for Adobe ColdFusion 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh and UNIX to address multiple vulnerabilities. These vulnerabilities could allow an unauthorized user to bypass authentication controls. US-CERT recommends that users and administrators review...
Microsoft Releases April 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, Server Software, and Security Software as part of the Microsoft Security Bulletin summary for April 2013. These vulnerabilities could allow remote code execution, elevation of privilege,...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates to address multiple vulnerabilities. These vulnerabilities could allow an attacker to initiate a cross-site scripting attack or obtain sensitive information, enable privilege escalation or execute arbitrary code, or cause a denial-of-service condition...
Google Releases Google Chrome 26.0.1410.43
Google has released Google Chrome 26.0.1410.43 for Windows, Mac, Linux, and Chrome Frame to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to cause a denial of service or execute arbitrary code. US-CERT encourages users and administrators to review the Googl...
Recent Reports of DHS-Themed Ransomware (UPDATE)
US-CERT has received reports of increased activity concerning an apparently DHS-themed ransomware malware infection occurring in the wild. Users who are being targeted by the ransomware receive a message claiming that use of their computer has been suspended and that the user must pay a fine to...
Apple Releases iOS 6.1.3
Apple has released iOS 6.1.3 for the iPhone 3GS or later, iPod touch 4th generation or later, and iPad 2 or later to address multiple vulnerabilities. These vulnerabilities may allow an attacker to operate with elevated privileges, bypass security features or execute arbitrary code. US-CERT...
Google Releases Google Chrome 25.0.1364.173
Google has released Google Chrome 25.0.1364.173 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to cause a denial-of-service condition or execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update ...
Apple Releases OS X v10.8.3 and Security Update 2013-001
Apple has released OS X v10.8.3 and Security Update 2013-001 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, bypass authentication, leverage additional attacks, cause a denial-of-service condition or obtain sensitive information. US-CERT...
Apple Releases Security Updates for Safari on OS X
Apple has released security updates for Safari Webkit 6.0.3 to address multiple vulnerabilities. These vulnerabilities could allow a remote attacker to execute arbitrary code or cause a cross-site scripting attack. Safari 6.0.3 WebKit updates are available for the following versions: OSX Lion...
Adobe Releases Security Updates for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player to address vulnerabilities that could cause a crash and potentially allow an attacker to take control of an affected system. Security updates are available for the following versions: Adobe Flash Player 11.6.602.171 and earlier versions f...
Microsoft Releases March 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Internet Explorer, Silverlight, and Server Software as part of the Microsoft Security Bulletin summary for March 2013. These vulnerabilities could allow remote code execution, elevation of privilege, or...
Google Releases Google Chrome 25.0.1364.152
Google has released Google Chrome 25.0.1364.152 for Windows, Linux, and Mac to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code, bypass security features, or cause a denial-of-service condition. US-CERT encourages users and administrators to...
Security Updates Available for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of an affected system. Adobe is aware of reports that CVE-2013-0643 and CVE-2013-0648 are being exploited in the wild in...
UPDATE: Ongoing Malicious Cyber Activity Against U.S. Government and Private Sector Entities
UPDATE: The United States Department of Homeland Security, in collaboration with the Federal Bureau of Investigation and other partners, has released a second Joint Indicator Bulletin JIB through secure channels. Confirmed members of the cybersecurity community of practice, which may include...
Apple Releases Security Update for Java on OS X
Apple has released a security update for Java on OS X Lion v10.7 or later, OS X Lion Server v10.7 or later, OS X Mountain Lion 10.8 or later, Mac OS X v10.6.8, and Mac OS X Server v10.6.8 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code...
Updated Release of the February 2013 Oracle Java SE Critical Patch Update
Oracle has released an updated February 2013 Critical Patch Update for Oracle Java SE to address a vulnerability. This vulnerability could allow a remote unauthenticated attacker to execute arbitrary code on vulnerable systems or to provide unauthorized disclosure of information. The following...
Google Releases Google Chrome 25.0.1364.87
Google has released Google Chrome 25.0.1364.87 to address multiple vulnerabilities. These vulnerabilities may allow an attacker to cause a denial-of-service condition or bypass security features. US-CERT encourages users and administrators to review the Google Chrome Release blog entry and update...
Mozilla Releases Multiple Updates
The Mozilla Foundation has released updates for the following products to address multiple vulnerabilities. Firefox 19.0 Firefox ESR 17.0.3 Thunderbird 17.0.3 Thunderbird ESR 17.0.3 SeaMonkey 2.16 These vulnerabilities could allow an attacker to execute arbitrary code, bypass security features, o...
Adobe Releases Security Updates for Adobe Reader and Acrobat
Adobe has released a security advisory for Adobe Reader and Acrobat to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition or take control of the affected system. Adobe is aware of reports that two vulnerabilities...
Research In Motion Releases Security Update for BlackBerry Enterprise Server
Research In Motion RIM has released a security advisory for BlackBerry Enterprise Server to address multiple vulnerabilities. Exploitation of these vulnerabilities could allow an attacker to execute arbitrary code or allow elevation of privileges. RIM has released updates for the following...
Adobe Releases Security Advisory for Adobe Flash Player
Adobe has released a security advisory for Adobe Flash Player to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to cause a denial-of-service condition or take control of the affected system. Adobe has released updates for the following versions: Adob...
Microsoft Releases Advance Notification for February Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its February release will contain eleven bulletins. These bulletins will have the severity rating of critical and important, and will be for Microsoft Windows, Internet Explorer, Server Software, and .NET Framework. The...
Microsoft Releases February 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Server Software, Office, and .NET Framework as part of the Microsoft Security Bulletin summary for February 2013. These vulnerabilities could allow remote code execution, allow elevation of privileg...
Apple Releases Security Update for OS X Server
Apple has released a security update for OS X Server v2.2.1 for OS X Mountain Lion v10.8 or later to address multiple vulnerabilities. These vulnerabilities may allow a remote attacker to execute arbitrary code. US-CERT encourages users and administrators to review Apple Support Article HT5644 an...
Oracle Releases Out-of-Band Patch to Address Java 7 Vulnerabilities
Oracle has released an out-of-band patch to address multiple vulnerabilities in the Java Runtime Environment JRE 7 Update 11 and earlier. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the bulletin and follow...
Apple Releases iOS 6.1
Apple has released iOS 6.1 for the iPhone 3GS and later, iPod touch 4th generation and later, and iPad 2 and later to address multiple vulnerabilities. These vulnerabilities may allow an attacker to operate with elevated privileges or execute arbitrary code. US-CERT encourages users and...
CERT Releases UPnP Security Advisory
Multiple vulnerabilities have been announced in libupnp, the open source portable SDK for UPnP devices. Libupnp is employed by hundreds of vendors for UPnP-enabled devices. Information is also available in CERT Vulnerability Note VU922681. US-CERT recommends that affected UPnP device vendors and...
Cisco Releases Security Advisory for Cisco Wireless LAN Controllers
The Cisco Wireless LAN Controller Cisco WLC product family is affected by multiple vulnerabilities that could potentially cause a denial-of-service condition, allow unauthorized access, or allow an attacker to execute code remotely. Cisco has released software updates that address these...
Adobe Releases Security Update for ColdFusion
Adobe has released a security hotfix to address multiple vulnerabilities in Adobe ColdFusion versions 10, 9.0.2, 9.0.1 and 9.0 for Windows, Macintosh, and UNIX. These vulnerabilities could allow an attacker to bypass authentication controls. US-CERT recommends that users and administrators review...
Oracle Releases January 2013 Security Advisory
Oracle has released its Critical Patch Update for January 2013 to address 86 vulnerabilities across multiple products. This update contains the following security fixes: 6 for Oracle Database Server 7 for Oracle Fusion Middleware 13 for Oracle Enterprise Manager Grid Control 9 for Oracle E-Busine...
CERT Releases Oracle Java 7 Security Advisory
CERT released Vulnerability Note VU625617 to address a vulnerability in Oracle Java Runtime Environment JRE 7 and earlier that is currently being exploited in the wild. This vulnerability may allow an attacker to execute arbitrary code on vulnerable systems. US-CERT encourages users and...
Microsoft Releases January 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Developers Tools, Server Software, and .NET Framework as part of the Microsoft Security Bulletin summary for January 2013. These vulnerabilities could allow remote code execution, elevation of privilege,...
Microsoft Releases Advance Notification for January Security Bulletin
Microsoft has issued a Security Bulletin Advanced Notification indicating that its January release will contain seven bulletins. These bulletins will have the serverity rating of critical and important and will be for Microsoft Windows, Office, Developers Tools, Server Software, and .NET Framewor...
Microsoft Releases January 2013 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Office, Developers Tools, Server Software, and .NET Framework as part of the Microsoft Security Bulletin summary for January 2013. These vulnerabilities could allow remote code execution, elevation of privilege,...
Microsoft Releases Security Advisory on Fraudulent Digital Certificates
Microsoft has released Security Advisory 2798897 in response to active attacks using fraudulent digital certificates issued by TURKTRUST Inc. These fraudulent certificates could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This vulnerability affects al...
Microsoft Releases Security Advisory for Internet Explorer
Microsoft has released Security Advisory 2794220 to address a vulnerability in Microsoft Internet Explorer 6, 7, and 8. This vulnerability may allow an attacker to execute arbitrary code if a user accesses a specially crafted website. Microsoft is aware of targeted attacks that attempt to exploit...
Google Releases Google Chrome 23.0.1271.97
Google has released Google Chrome 23.0.1271.97 for Windows, Mac, Linux, and ChromeFrame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial of service. US-CERT encourages users and administrators to review the Google Chrome...
Microsoft Releases December 2012 Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows, Internet Explorer, Microsoft Office, and Microsoft Server Software as part of the Microsoft Security Bulletin summary for December 2012. These vulnerabilities could allow an attacker to bypass security features or...
Google Releases Google Chrome 23.0.1271.95
Google has released Google Chrome 23.0.1271.95 for Windows, Mac, and ChromeFrame to address multiple vulnerabilities. These vulnerabilities could result in a denial of service or allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome...
Google Releases Google Chrome 23.0.1271.91
Google has released Google Chrome 23.0.1271.91 for Windows, Mac, Linux, and ChromeFrame to address multiple vulnerabilities. These vulnerabilities could result in a denial of service or allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google...
Adobe Releases Security Update for ColdFusion
Adobe has released a security hotfix for ColdFusion 10 Update 1 and above for Windows. This hotfix resolves a vulnerability affecting ColdFusion on Windows Internet Information Services IIS, which could result in a denial of service. US-CERT encourages users and administrators to review Adobe...
Holiday Season Phishing Scams and Malware Campaigns
Since the winter holidays are quickly approaching, US-CERT is republishing this entry to increase awareness about phishing scams and malware campaigns. In the past, US-CERT has received reports of an increased number of phishing scams and malware campaigns that take advantage of the winter holida...
Microsoft Releases November 2012 Security Bulletin
Microsoft has released updates to address multiple vulnerabilities in Microsoft Windows Shell, .NET Framework, Windows Kernel-Mode drivers, Excel, Internet Information Services IIS, and cumulative security updates for Internet Explorer as part of the Microsoft Security Bulletin Summary for Novemb...
Cisco Releases Security Advisory for Cisco Secure Access Control Systems (ACS)
Cisco Secure Access Control Systems ACS contains a vulnerability that could allow an unauthenticated, remote attacker to bypass the TACACS+ based authentication service offered by the product. Cisco has released software updates that address this vulnerability. US-CERT encourages users and...
Google Releases Google Chrome 23.0.1271.64
Google has released Google Chrome 23.0.1271.64 for Windows, Macintosh, Linux and Chrome Frame to address multiple vulnerabilities. These vulnerabilities may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review the Google Chrome Release blog entry and...
Security Updates Available for Adobe Flash Player
Adobe has released security updates for Adobe Flash Player. These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system. Secure updates are available for the following versions of Adobe Flash Player: Adobe Flash Player...
Cisco Releases Security Advisory for Cisco Prime Data Center Network Manager
Cisco Prime Data Center Network Manager DCNM contains a remote command execution vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary commands on the computer that is running the Cisco Prime DCNM application. Cisco has released software updates that address this...
Adobe Releases Security Bulletin for Flash Player
Adobe has released a security bulletin for Adobe Flash Player to address multiple vulnerabilities. These vulnerabilities affect Adobe Flash Player 11.4.402.278 and earlier versions for Windows, Adobe Flash Player 11.4.402.265 and earlier versions for Macintosh, Adobe Flash Player 11.2.202.238 and...